All,

Is there any documentation on 2.6.x iptables memory consumption per conntrack entry and possibly per rule?

For the former, I realize that there may be many variables that affect how much memory is used based on the actual traffic (e.g. more memory might be used for FTP traffic than for telnet traffic) but what I am after is a general sense of how much memory I would need in order to service a given number of concurrent traffic flows. For example, how much memory should I expect to have available if I want to support 100,000 concurrent traffic flows forwarded through my Linux router?

Similarly, for the latter, I imagine the components of a rule might alter the memory consumption but, basically, how much memory does an (admittedly vaguely defined) "average" rule cost?

I am hoping some stalwart souls out there have done such an analysis and can publish their results, or point me to their already available data. Failing that, I'd appreciate suggestions on what manner of instrumentation is available for analyzing this (am I gonna have to use brute force like with an hping shell script and before and after /proc/meminfo listings?).

Thanks,

- Andrew Kraslavsky